Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

openSUSE-SU-2020:1517-1

Опубликовано: 24 сент. 2020
Источник: suse-cvrf

Описание

Security update for jasper

This update for jasper fixes the following issues:

  • CVE-2016-9398: Improved patch for already fixed issue (bsc#1010979).
  • CVE-2016-9399: Fix assert in calcstepsizes (bsc#1010980).
  • CVE-2017-5499: Validate component depth bit (bsc#1020451).
  • CVE-2017-5503: Check bounds in jas_seq2d_bindsub() (bsc#1020456).
  • CVE-2017-5504: Check bounds in jas_seq2d_bindsub() (bsc#1020458).
  • CVE-2017-5505: Check bounds in jas_seq2d_bindsub() (bsc#1020460).
  • CVE-2017-14132: Fix heap base overflow in by checking components (bsc#1057152).
  • CVE-2018-9252: Fix reachable assertion in jpc_abstorelstepsize (bsc#1088278).
  • CVE-2018-18873: Fix null pointer deref in ras_putdatastd (bsc#1114498).
  • CVE-2018-19139: Fix mem leaks by registering jpc_unk_destroyparms (bsc#1115637).
  • CVE-2018-19543, bsc#1045450 CVE-2017-9782: Fix numchans mixup (bsc#1117328).
  • CVE-2018-20570: Fix heap based buffer over-read in jp2_encode (bsc#1120807).
  • CVE-2018-20622: Fix memory leak in jas_malloc.c (bsc#1120805).

This update was imported from the SUSE:SLE-15:Update update project.

Список пакетов

openSUSE Leap 15.1
jasper-2.0.14-lp151.4.9.1
libjasper-devel-2.0.14-lp151.4.9.1
libjasper4-2.0.14-lp151.4.9.1
libjasper4-32bit-2.0.14-lp151.4.9.1

Ссылки

Описание

The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.

Затронутые продукты
openSUSE Leap 15.1:jasper-2.0.14-lp151.4.9.1
openSUSE Leap 15.1:libjasper-devel-2.0.14-lp151.4.9.1
openSUSE Leap 15.1:libjasper4-2.0.14-lp151.4.9.1
openSUSE Leap 15.1:libjasper4-32bit-2.0.14-lp151.4.9.1
Ссылки

Описание

The calcstepsizes function in jpc_dec.c in JasPer 1.900.22 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.

Затронутые продукты
openSUSE Leap 15.1:jasper-2.0.14-lp151.4.9.1
openSUSE Leap 15.1:libjasper-devel-2.0.14-lp151.4.9.1
openSUSE Leap 15.1:libjasper4-2.0.14-lp151.4.9.1
openSUSE Leap 15.1:libjasper4-32bit-2.0.14-lp151.4.9.1
Ссылки

Описание

JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted image, related to the jas_image_ishomosamp function in libjasper/base/jas_image.c.

Затронутые продукты
openSUSE Leap 15.1:jasper-2.0.14-lp151.4.9.1
openSUSE Leap 15.1:libjasper-devel-2.0.14-lp151.4.9.1
openSUSE Leap 15.1:libjasper4-2.0.14-lp151.4.9.1
openSUSE Leap 15.1:libjasper4-32bit-2.0.14-lp151.4.9.1
Ссылки

Описание

Integer overflow in libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted file.

Затронутые продукты
openSUSE Leap 15.1:jasper-2.0.14-lp151.4.9.1
openSUSE Leap 15.1:libjasper-devel-2.0.14-lp151.4.9.1
openSUSE Leap 15.1:libjasper4-2.0.14-lp151.4.9.1
openSUSE Leap 15.1:libjasper4-32bit-2.0.14-lp151.4.9.1
Ссылки

Описание

The dec_clnpass function in libjasper/jpc/jpc_t1dec.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via a crafted image.

Затронутые продукты
openSUSE Leap 15.1:jasper-2.0.14-lp151.4.9.1
openSUSE Leap 15.1:libjasper-devel-2.0.14-lp151.4.9.1
openSUSE Leap 15.1:libjasper4-2.0.14-lp151.4.9.1
openSUSE Leap 15.1:libjasper4-32bit-2.0.14-lp151.4.9.1
Ссылки

Описание

The jpc_undo_roi function in libjasper/jpc/jpc_dec.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted image.

Затронутые продукты
openSUSE Leap 15.1:jasper-2.0.14-lp151.4.9.1
openSUSE Leap 15.1:libjasper-devel-2.0.14-lp151.4.9.1
openSUSE Leap 15.1:libjasper4-2.0.14-lp151.4.9.1
openSUSE Leap 15.1:libjasper4-32bit-2.0.14-lp151.4.9.1
Ссылки

Описание

The jas_matrix_asl function in jas_seq.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted image.

Затронутые продукты
openSUSE Leap 15.1:jasper-2.0.14-lp151.4.9.1
openSUSE Leap 15.1:libjasper-devel-2.0.14-lp151.4.9.1
openSUSE Leap 15.1:libjasper4-2.0.14-lp151.4.9.1
openSUSE Leap 15.1:libjasper4-32bit-2.0.14-lp151.4.9.1
Ссылки

Описание

JasPer 2.0.12 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted image, related to the jp2_decode function in libjasper/jp2/jp2_dec.c.

Затронутые продукты
openSUSE Leap 15.1:jasper-2.0.14-lp151.4.9.1
openSUSE Leap 15.1:libjasper-devel-2.0.14-lp151.4.9.1
openSUSE Leap 15.1:libjasper4-2.0.14-lp151.4.9.1
openSUSE Leap 15.1:libjasper4-32bit-2.0.14-lp151.4.9.1
Ссылки

Описание

An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function ras_putdatastd in ras/ras_enc.c.

Затронутые продукты
openSUSE Leap 15.1:jasper-2.0.14-lp151.4.9.1
openSUSE Leap 15.1:libjasper-devel-2.0.14-lp151.4.9.1
openSUSE Leap 15.1:libjasper4-2.0.14-lp151.4.9.1
openSUSE Leap 15.1:libjasper4-32bit-2.0.14-lp151.4.9.1
Ссылки

Описание

An issue has been found in JasPer 2.0.14. There is a memory leak in jas_malloc.c when called from jpc_unk_getparms in jpc_cs.c.

Затронутые продукты
openSUSE Leap 15.1:jasper-2.0.14-lp151.4.9.1
openSUSE Leap 15.1:libjasper-devel-2.0.14-lp151.4.9.1
openSUSE Leap 15.1:libjasper4-2.0.14-lp151.4.9.1
openSUSE Leap 15.1:libjasper4-32bit-2.0.14-lp151.4.9.1
Ссылки

Описание

An issue was discovered in JasPer 2.0.14. There is a heap-based buffer over-read of size 8 in the function jp2_decode in libjasper/jp2/jp2_dec.c.

Затронутые продукты
openSUSE Leap 15.1:jasper-2.0.14-lp151.4.9.1
openSUSE Leap 15.1:libjasper-devel-2.0.14-lp151.4.9.1
openSUSE Leap 15.1:libjasper4-2.0.14-lp151.4.9.1
openSUSE Leap 15.1:libjasper4-32bit-2.0.14-lp151.4.9.1
Ссылки

Описание

jp2_encode in jp2/jp2_enc.c in JasPer 2.0.14 has a heap-based buffer over-read.

Затронутые продукты
openSUSE Leap 15.1:jasper-2.0.14-lp151.4.9.1
openSUSE Leap 15.1:libjasper-devel-2.0.14-lp151.4.9.1
openSUSE Leap 15.1:libjasper4-2.0.14-lp151.4.9.1
openSUSE Leap 15.1:libjasper4-32bit-2.0.14-lp151.4.9.1
Ссылки

Описание

JasPer 2.0.14 has a memory leak in base/jas_malloc.c in libjasper.a when "--output-format jp2" is used.

Затронутые продукты
openSUSE Leap 15.1:jasper-2.0.14-lp151.4.9.1
openSUSE Leap 15.1:libjasper-devel-2.0.14-lp151.4.9.1
openSUSE Leap 15.1:libjasper4-2.0.14-lp151.4.9.1
openSUSE Leap 15.1:libjasper4-32bit-2.0.14-lp151.4.9.1
Ссылки

Описание

JasPer 2.0.14 allows denial of service via a reachable assertion in the function jpc_abstorelstepsize in libjasper/jpc/jpc_enc.c.

Затронутые продукты
openSUSE Leap 15.1:jasper-2.0.14-lp151.4.9.1
openSUSE Leap 15.1:libjasper-devel-2.0.14-lp151.4.9.1
openSUSE Leap 15.1:libjasper4-2.0.14-lp151.4.9.1
openSUSE Leap 15.1:libjasper4-32bit-2.0.14-lp151.4.9.1
Ссылки